CVE-2024-27887

Root

Cause CVE-2024-27887 is a path handling issue in macOS Sonoma that leads to insufficient redaction of user-sensitive data in system logs. Apple addressed the flaw in macOS Sonoma 14.4 by improving validation and private data redaction for log entries [1][2].

Exploitation

The vulnerability is exploitable by a malicious app already installed on the system. No special privileges or network access are required beyond the ability to run code on the affected macOS version. The app can observe user data that was improperly logged, particularly data related to accessibility notifications [1][2].

Impact

An attacker who successfully exploits this issue can access user-sensitive data that was not properly redacted from log entries. The impact is limited to information disclosure; the attacker does not gain code execution or system control. Apple rates the severity as Medium with a CVSS v3 score of 5.5 [1][2].

Mitigation

Apple fixed the vulnerability in macOS Sonoma 14.4, released on March 7, 2024. Users should update to the latest version to remediate the issue. There are no known workarounds, and the CVE is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1][2].